Sebastian Köhler (University of Oxford)

Brokenwire is a novel attack against the Combined Charging System, one of the most widely used DC rapid charging technologies for electric vehicles (EVs). It interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack requires only temporary physical proximity and can be conducted wirelessly from a distance, allowing individual vehicles or entire fleets to be disrupted stealthily and simultaneously. In addition, it can be mounted with off-the-shelf radio hardware and minimal technical knowledge. By exploiting CSMA/CA behavior, only a very weak signal needs to be induced into the victim to disrupt communication — exceeding the effectiveness of broadband noise jamming by three orders of magnitude. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it.

In this session, we will present how we studied the attack in a controlled environment on a testbed and then demonstrated it against eight vehicles and 20 chargers in real deployments. We further show how we evaluated the attack in different scenarios, including between the floors of a building (e.g., multi-story parking), through perimeter fences, and from ‘drive-by’ attacks. Finally, we present our heuristic model that we used to estimate the number of vehicles that can be attacked simultaneously for a given output power.

Brokenwire has immediate implications for a substantial proportion of the around 12 million battery EVs on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and crucial public services, as well as electric buses, trucks and small ships. As such, we conducted a disclosure to the industry and discussed a range of mitigation techniques that could be deployed to limit the impact.

Speaker’s Biography

Sebastian Köhler is a doctoral researcher in the Centre for Doctoral Training in Cyber Security at the University of Oxford and part of the Systems Security Lab, focusing on the security of the physical-layer of large and complex systems, such as vision-based intelligent and automotive systems. He started specializing on Cyber Security during his undergraduate studies at the University of Applied Sciences Wurzburg-Schweinfurt, Germany. After his BSc, he received an MSc in Computing & Security and got awarded a prize for the best overall performance from King’s College London.

View More Papers

ChargePrint: A Framework for Internet-Scale Discovery and Security Analysis...

Tony Nasr (Concordia University), Sadegh Torabi (George Mason University), Elias Bou-Harb (University of Texas at San Antonio), Claude Fachkha (University of Dubai), Chadi Assi (Concordia University)

Read More

WIP: Augmenting Vehicle Safety With Passive BLE

Noah T. Curran (University of Michigan), Kang G. Shin (University of Michigan), William Hass (Lear Corporation), Lars Wolleschensky (Lear Corporation), Rekha Singoria (Lear Corporation), Isaac Snellgrove (Lear Corporation), Ran Tao (Lear Corporation)

Read More

SoundLock: A Novel User Authentication Scheme for VR Devices...

Huadi Zhu (The University of Texas at Arlington), Mingyan Xiao (The University of Texas at Arlington), Demoria Sherman (The University of Texas at Arlington), Ming Li (The University of Texas at Arlington)

Read More

Cloud-Hosted Security Operations Center (SOC)

Drew Walsh, Kevin Conklin (Deloitte)

Read More